Online Privacy – Why is it important and how do I keep my information private?

Online Privacy – Why is it important and how do I keep my information private?

There has been a lot of buzz recently about online privacy, however; this is not a new issue by any means. Online privacy has been a concern for years. Go do a quick google search for online privacy and you will see articles from 2010, 2008, etc. discussing the issue. What is new is that thanks to our government your ISP (company you buy your internet from i.e. Verizon, charter, time warner, etc.) will be allowed to sell your browsing habits. So first, why does this matter?

For the most part, it doesn’t. A large percent of what we do online is harmless. For example, me searching for a new video game in google will tell amazon I want that game. And ads on Facebook will be for that game. Kind of cool in a sense that the internet knows what I want. This is also scary. Imagine that you think you are sick with a disease, and now amazon, google, health insurance companies, life insurance companies, future/current employers, know about it. The real question though is, should anyone be able to see what you are doing online? Is it their right? Should your ISP be able to spy on you? If you say OK, I would ask, would you allow your mortgage company to come in your house and go through your drawers? Because that is essentially what is happening. So yes, it is a concern and should be to anyone.

So, what can you do to prevent this from happening? There are a number of things and I am going to break this up so that it’s easier to understand. The important thing to remember is that you are never going to be 100% secure. But you can take steps to make it harder for anyone to spy on you. Think of it like an onion, the closer you are to the middle, the harder it is to get to you. The outer layers (i.e. no security) are easy to get to but several layers in takes more work. Also, keep in mind I am not discussing Malware, Viruses, etc here, I have other blog posts about that but I do always recommend antivirus software, malware software, and a good firewall.

For your computer/browser (for most home users):

Step 1 – get a VPN.

VPN – This is the first thing you need. I am not going to explain what a VPN is, just that it makes it so that your ISP (or job) cannot see what you are doing. They can only see that you are connected and using data. Now, the issue with VPN is that the VPN company can see what you are doing. So yes, they can sell your data just like your ISP. But I trust them more and most do not sell your data, just the shady bad ones do. However, keep in mind if you are doing something illegal, the VPN company will turn your information over to authorities if they are subpoenaed – no one is going to jail for you.

There are tons of options for paid and free ones. I personally like Hotspot shield, CyberGhost, and Windscribe because they have free versions. Here is a link to them:

https://www.hotspotshield.com/

https://www.cyberghostvpn.com

https://windscribe.com/

Step 2 – Start using Firefox.

Why? Because of the security and add-ons. Once you download Firefox, you need to install the following add-ons. They are: HTTPS Everywhere and 1 of the privacy/adblock addons I explained below. They will not affect your browsing experience, they will however make it much more secure. Additionally, use the private browsing mode of the browser.

And do these:

  1. Add NoScript, uBlock, Disconnect, or Privacy Badger to your Firefox add-ons. This prevents only scripts that you allow. I personally use uBlock and Privacy Badger together.
  2. Use DuckDuckGo search engine. This is a search engine that does not record/track your searches. You can very easily make this your default browser by going to your browser settings and its just as good as Google. https://duckduckgo.com/

For the most secure (for people who are more technically inclined):

Use Tor Browser. Tor browser with its default settings is going to be super secure. Its slower because of how it works to hide your identity but if you are searching things no one can know about, use this. https://www.torproject.org/

Download Tor Client. Tor is the best security that most home users can set up themselves. If you are a super high tech person and want something more secure you already know way more than what I am blogging about and shouldn’t even be reading this so this post is not for you.  https://www.torproject.org/

For your mobile device:

  1. Get a VPN. There are tons of free ones. You can use hotspot shield as I mentioned above. I use X-VPN on IOS. Keep it on always.
  2. For android, get Firefox browser and use the add-ons I mentioned above. Use private mode.
  3. For apple, use Firefox Focus browser. Apple does not allow Firefox add-ons, so use their focus browser. It’s actually much fast than any other mobile browser.
  4. Use DuckDuckGo search engine. This is a search engine that does not record/track your searches. https://duckduckgo.com/
  5. Use the web version of apps, not the apps themselves. For example, use facebook in the browser, rather than the app. Yea I know a big pain.

For those that want to be super secure, use a Tor browser. While there is no official mobile Tor browser there are tons that are free ones that use the Tor network. I personally have Onion browser for my iPhone.

Computer Adware, Viruses, Malware, and Security

Have problems with any of these? Here is a list of steps and freeware you should use to fix and protect your machine. Please note this is for PC only and all software is free:

1. Run rKill – This will stop all of the bad stuff from running so that you can run other software to delete it.

2. Run Malwarebytes and Ad-Aware

3. Run Combofix

4. Run Antivirus and keep it installed/running – ClamAv

5. Install security and keep it installed/running – Zonealarm

Once you have scanned your computer with the first 4 it should be clear. I would then recommend step 5 and keep it running on default settings. Also keep ClamAV running. The others should be run and used as there are problems on your machine.

 

phpBB forum security: How do I keep out spam?

This is a problem most of us who run any kind of database run into. How do I keep out spam? Of course there is an easy solution which is that you as a moderator approve each user request that comes in to determine if its a real person or bot but who has time for that? I know I do not. That is a full time job when you are running several applications requiring user registration – especially when 1000s of bots would try to register each day. So here are the things you can do, and these are specifically for phpBB forums but can be used for any software that requires registration and I am going to say whether these things are effective or not:

Non effective ways to prevent spam (bots just tear right through these but they still might help a little bit. Just do NOT rely on these):

– Email activation
– Captchas (the images where you write the numbers/letters that you see in the box)
– Asking for special characters on username/password
– Confirming email address

Effective ways to prevent spam

– Few registration attempts – this gives the bot less times to guess
– Questions – this will pretty much stop all spam. You need to ask questions that the computer will not know. Please not that bots have lists of 1000s of questions so you need to ask questions that are specific to your site only but is easy enough for your user base to answer. 2+2 is not good. But the last name of the author of this blog is ____, would be a good question. I have found these block nearly 100% of my spam. If you do start getting spam that means your questions are too easy.
– Using a service like akismet, which is awesome but doesnt currently have a plugin for phpBB. This works great for wordpress though.

So how do you add those questions in phpBB to prevent spam? There are two way and I encourage you to do both:

Method 1:

in the Admin control panel go to->spambot countermeasures->available plugins->Q&A->configure. From here you would create your questions.

Method 2:

In the admin control panel go to->users and groups->custom profile fields->then you would create a new field. From here make sure you require the question at registration.

For an example of a forum using these methods, check out my surfing forum and try to register: http://www.njsurfingclub.com/messageBoard

HTML5 Security and Vulnerability Issues

While these are fairly obvious they are something that users pushing HTML5 should be aware of. The first is vulnerability. What does this mean?

All of your code is essentially open source. While thats great for me, its not great for businesses and really anyone who is trying to make money off of their software. There are some ways around it but keep in mind that both HTML5 and Javascript are open source. Here is a good article that goes into it:

HTML5 – Not Designed for Business Applications

The next issue is security. Apparently the standards have not really been developed with security in mind as it will really be up the developers, users, and browsers. So there are going to be some issues when this is used more often…and of course this is the case with any new technology. Here is an article that goes into the topic:

Old hacking tricks work too easily in attacks on HTML5, security expert says